An information processing apparatus according to the disclosure includes: a communicator that can communicate with a server via a network, the server executing first authentication based on first authentication information including an account name; and a storage, and receives a refresh token transmitted by the server according to a result of the first authentication. Storage of the refresh token in the storage is controlled based on a setting related to whether or not to store the refresh token in the storage.
Legal claims defining the scope of protection, as filed with the USPTO.
An information processing apparatus comprising: one or more controllers; a communicator capable of communicating with a server via a network, the server executing first authentication based on first authentication information including an account name; and a storage, wherein the one or more controllers receive a refresh token transmitted by the server according to a result of the first authentication, and control storage of the refresh token in the storage based on a setting related to whether or not to store the refresh token in the storage.
The information processing apparatus according to claim 1, wherein the first authentication information includes the account name and a first password, the storage stores a second password different from the first password and the account name in association with each other, and the one or more controllers execute second authentication based on the account name and the second password.
The information processing apparatus according to claim 2, wherein, if the setting of storing the refresh token in the storage is made, the one or more controllers store the refresh token in association with the account name and the second password in the storage.
The information processing apparatus according to claim 3, wherein, if the setting of storing the refresh token in the storage is made, the one or more controllers accept an input of the account name and the second password, and transmit the refresh token stored in association with the input account name and second password in the storage, to the server using the communicator.
The information processing apparatus according to claim 3, further comprising an operation inputter, wherein, if the setting of not storing the refresh token in the storage is made, the one or more controllers accept an input of the account name and the first password using the operation inputter, and transmit the accepted account name and first password to the server using the communicator.
A method of controlling an information processing apparatus that includes a communicator capable of communicating with a server via a network, the server executing first authentication based on first authentication information including an account name, and a storage, the method comprising: a step of receiving a refresh token transmitted by the server according to a result of the first authentication; and a step of controlling storage of the refresh token in the storage based on a setting related to whether or not to store the refresh token in the storage.
Complete technical specification and implementation details from the patent document.
The disclosure relates to an information processing apparatus and the like. Note that the disclosure is based on Japanese Patent Application No. 2024-190830 filed in Japan on October 30, 2024, the contents of which are incorporated herein by reference.
Some information processing apparatuses such as a Multi-Function Printer/Peripheral (MFP) use a web service using an access token and a refresh token issued by an authentication server.
An object to be solved by the disclosure is to facilitate management related to authentication in an information processing apparatus that uses a service on a network using authentication with a token.
The disclosure provides an information processing apparatus that includes: one or more controllers; a communicator that can communicate with a server via a network, the server executing first authentication based on first authentication information including an account name; and a storage, and the one or more controllers receive a refresh token transmitted by the server according to a result of the first authentication, and control storage of the refresh token in the storage based on a setting related to whether or not to store the refresh token in the storage.
Furthermore, the disclosure also provides a method of controlling an information processing apparatus that includes a communicator that can communicate with a server via a network, the server executing first authentication based on first authentication information including an account name; and a storage, and includes: a step of receiving a refresh token transmitted by the server according to a result of the first authentication; and a step of controlling storage of the refresh token in the storage based on a setting related to whether or not to store the refresh token in the storage.
According to the disclosure, it is possible to facilitate management related to authentication in an information processing apparatus that uses a service on a network using authentication with a token.
Hereinafter, an embodiment of the disclosure will be described with reference to the drawings. For example, a Multi-Function Printer/Peripheral (MFP) 10 will be described as an embodiment of an image processing apparatus in the disclosure. Note that the MFP 10 according to the disclosure is not limited to any configuration as long as the MFP 10 is configured to be able to communicate with an authentication server 30 via a network NW. Note that the following embodiment is an example for describing the disclosure, an example of the disclosure described in the claims will be described, and the technical scope of the disclosure is not limited to the following description.
There is a technique that, when a user is authenticated by the authentication server 30 using the MFP 10 and uses a network service on the MFP 10, stores in the MFP 10 a refresh token issued from the authentication server 30 in association with user authentication information in the MFP 10. If the account information of the authentication server 30 is used for authenticating the user in the MFP 10, the refresh token and account information of the authentication server 30 are stored in the MFP 10. Therefore, there are also users who do not desire to store the refresh token in the MFP 10 because storing the refresh token and the account name is not preferable in terms of security, but the above technique does not consider these users. Furthermore, if the account information of the authentication server 30 stored in the MFP 10 and the account information input on an authentication screen of the authentication server 30 are different, the different information is stored as the user authentication information of the MFP 10, and management of the user authentication information becomes complicated.
An object of the disclosure is to facilitate management related to authentication in the information processing apparatus that uses a service on a network using authentication with a token, and is implemented by the following embodiment.
FIG. 1 is a schematic conceptual diagram of an authentication system 1 according to a first embodiment of the disclosure. The authentication system 1 includes a Multi-Function Printer/Peripheral (MFP) 10 and the authentication server 30. The MFP 10 and the authentication server 30 are communicably connected via the network NW. The MFP 10 is an example of an information processing apparatus according to the first embodiment of the disclosure. The authentication server 30 is a server for authenticating a user of a network service, and a user U is authenticated by the authentication server 30 using the MFP 10, and uses the network service on the MFP 10. The authentication server 30 will be also referred to as the network service 30.
FIG. 2 is a block diagram of the MFP 10 according to the first embodiment of the disclosure. The MFP 10 is an image forming apparatus (image processing apparatus) that is also called a multi-function printer, and typically has a copy function, an image scanner function, a facsimile function, and a printer function. The MFP 10 may further have other functions, and may have, for example, an email sending/receiving function, a file server function, and the like.
A controller 100 controls the entire MFP 10. The controller 100 includes one or more control devices or one or more control circuits, and includes, for example, a Central Processing Unit (CPU) that is a processor that executes various arithmetic processes, a System on a Chip (SoC), and the like.
FIG. 3A is a block diagram for describing a configuration of the controller of the MFP 10 according to the first embodiment of the disclosure. The controller 100 reads programs stored in the storage 110 and executes processing to implement various functions including a device authentication processor 101, a service authentication processor 103, a user information acquirer 105, and a setting processor 107.
The device authentication processor 101 executes processing related to device authentication to be described later. The device authentication will be also referred to as second authentication. The service authentication processor 103 executes processing related to service authentication executed by the authentication server 30. The service authentication will be also referred to as first authentication. The user information acquirer 105 executes processing of acquiring user information from the authentication server 30. The setting processor 107 executes processing related to various settings of the MFP 10 including a setting of whether or not to store a refresh token in the MFP 10.
The storage 110 stores various programs and various types of data necessary for the operation of the image forming apparatus. The storage 110 includes one or more storage devices that can perform temporary storage, such as a Dynamic Random Access Memory (DRAM) or one or more non-temporary storage devices such as a Solid State Drive (SSD) made of a semiconductor memory or a Hard Disk Drive (HDD) made of a magnetic disk. Furthermore, for convenience of explanation, the storage 110 is configured as one unit, but may be configured as separate devices for each purpose, such as an area used for execution of programs (main storage area), an area that stores programs or data (auxiliary storage area), and an area used for caching.
FIG. 3B is a block diagram for describing a configuration of the storage 110 of the MFP 10 according to the first embodiment of the disclosure. The storage 110 includes a user information storage 111 and a setting storage 113. The user information storage 111 stores user information acquired by the user information acquirer 105. The user information acquirer 105 acquires an account name, a service password, and the like as user information. The account name and the service password are an account name and a password, respectively, registered by a user to use the network service 30 (authentication server 30). The service password will be also referred to as a first password, and a device password to be described later will be also referred to as a second password. Authentication information including the account name and the service password will be also referred to as first authentication information, and the authentication information including the account name and the device password will be also referred to as second authentication information. Note that it is assumed that character strings indicating the account name completely match between the first authentication information and the second authentication information of the same user. Furthermore, the user information acquirer 105 acquires a refresh token issued by the authentication server 30 as the user information. The user information storage 111 associates an account name, a device password, and a refresh token with each other to store as the user information. The setting storage 113 stores information related to the setting set by the setting processor 107.
The display 120 displays images and characters. For example, the display 120 is configured of a Liquid Crystal Display (LCD), an organic Electro-Luminescence (EL) panel, or the like. The display 120 may be a single display device, or may further include a display device connected to the outside.
An operation inputter 130 accepts an operation input from the user. For example, the operation inputter 130 includes hardware keys and/or software keys. Furthermore, the operation inputter 130 includes operation keys such as task keys for instructing execution of tasks such as FAX transmission or image reading, and a stop key for instructing stop of an operation.
The operation inputter 130 can be configured as a touch panel that enables input via a display 120. If the operation inputter 130 is configured as the touch panel, the operation inputter 130 can detect, for example, user's touch, tap, and swipe operations with respect to an object displayed via the display 120, and can acquire a coordinate position, pressure-sensitive information, or the like of touch panel information. In this case, as an input scheme for the touch panel, a general input scheme such as a resistive film scheme, an infrared scheme, an electromagnetic induction scheme, or a capacitive scheme can be adopted.
A communicator 140 connects with a network. For example, the communicator 140 is configured of an interface that can be connected to a wired Local Area Network (LAN), a wireless LAN, or a Long Term Evolution (LTE) network. The communicator 140 is connected to a network for connection to another device or an external network. Furthermore, the communicator 140 may be an interface for performing short-distance wireless communication such as Near Field Communication (NFC) or Bluetooth (trade name).
The connector 150 connects the MFP 10 and another device (external device). For example, the connector 150 is a USB interface, and is connected with a USB memory or the like. Furthermore, other than a USB interface, the connector 150 may be an HDMI (trade name) interface or the like.
The image inputter 160 reads an image (document) and outputs the image as image data. The image inputter 160 is configured of a typical scanner (image input device). Furthermore, the image inputter 160 may receive an input of image data from an external storage medium such as a USB memory, or may receive an image via a network.
The image former 170 forms (prints) an image on a medium such as copy paper based on the image data. A printing scheme for the image former 170 is arbitrary, and may be, for example, any of an inkjet printer, a laser printer, a thermal transfer printer, and the like. The image former 170 may be a monochrome printer or a color printer. The image former 170 may include a paper feed mechanism that supplies the medium, a transport mechanism that transports the medium, a sorter mechanism that sorts the medium after an image is formed, and the like.
FIGS. 4, 5, and 6 are flow charts for describing an operation of the MFP 10 according to the first embodiment of the disclosure. Note that, although it is preferable that the following processing is appropriately executed by any of the components described in FIG. 3A, for convenience of description, the following processing will be described assuming that the controller 100 executes the following processing.
It is assumed that, before the operation described below, the user U has registered an account name and a service password in the network service 30, and the user U knows their own account name and service password. Furthermore, it is assumed that the controller 100 functions as the setting processor 107 to display a setting screen on the display 120, accepts an input of various settings including a setting of whether or not to store a refresh token according to an operation of a user (e.g., a user having an administrator authority) such as the user U via the operation inputter 130, and stores setting information in the setting storage 113. The setting screen will be described in detail later.
When displaying the user authentication screen, the controller 100 determines whether or not the setting of storing the refresh token is made based on the setting information stored in the setting storage 113 (step 101). If the setting of storing the refresh token is made (Yes in step 101), the controller 100 proceeds to step 103. If the setting of not storing the refresh token is made (No in step 101), the controller 100 proceeds to step 161 in FIG. 6.
In step 103, the controller 100 displays a first login screen on the display 120 (step 103). The first login screen is a screen for performing authentication using an account name and a device password to be described later or performing new registration related to this authentication. The first login screen will be described in detail later.
When the first login screen is displayed, if an operation of newly registering an account is accepted from the operation inputter 130 (Yes in step 105), the controller 100 displays an account registration screen on the display 120 (step 107). The account registration screen is a screen for causing the user U to register a device password to be associated with an account name (that may be referred to simply as an account name) of the network service 30 of the user U. The device password is a password that can be registered irrespectively of the service password of the network service 30, and is a password that is valid only in the MFP 10. The account registration screen will be described in detail later. When the device password is determined, the controller 100 may temporarily store the account name and the device password in association with each other in the user information storage 111.
When the account name and the device password are input on the account registration screen, the controller 100 accesses the authentication server 30 via the network NW using the communicator 140 (step 109). In response to this access, the authentication server 30 transmits data of a service authentication screen for authenticating users of the network service to the MFP 10. When the communicator 140 receives the data of the service authentication screen in the MFP 10, the controller 100 displays the service authentication screen on the display 120 (step 111).
The controller 100 accepts the account name and the service password input by the user U using the operation inputter 130 on the displayed service authentication screen (step 113). The controller 100 transmits the input account name and service password to the authentication server 30 via the network NW using the communicator 140. Note that, instead of inputting the account name input by the user U using the operation inputter 130 to the service authentication screen, the controller 100 may reflect the account name input on the first login screen as the account name on the service authentication screen.
The authentication server 30 executes authentication processing based on the received account name and service password. If the authentication succeeds (Yes in step 115), the authentication server 30 transmits the access token and the refresh token to the MFP 10. If the authentication fails (No in step 115), the authentication server 30 transmits the data of the service authentication screen to the MFP 10 again, and encourages the user U to input the account name and/or the service password again.
When the authentication in the authentication server 30 succeeds and the communicator 140 receives the access token and the refresh token (step 117), the communicator 140 transmits a user information request to the authentication server 30 together with the access token received from the authentication server 30 (step 119). The user information request is an acquisition request related to various information of the user U registered in the network service 30, and particularly includes an acquisition request related to the account name of the user U.
The authentication server 30 having received the access token and the user information request transmits user information of the user U to the MFP 10 in response to the user information request based on the access token.
When receiving the user information transmitted from the authentication server 30 (step 121), the controller 100 compares the account name of the user U registered in the network service 30 included in the received user information, and the account name of the user U input on the account registration screen (step 123). If these account names match (Yes in step 125), the controller 100 stores the refresh token received in step 117 in association with the account name of the user U in the user information storage 111 (step 127), displays a home screen on the display 120 (step 129), and performs processing assuming that login to the network service 30 has succeeded. If the account names compared in step 123 do not match (No in step 125), the controller 100 displays an error on the display 120 (step 131), and then returns to step 103 to display the first login screen.
If the operation of selecting new registration is not performed on the first login screen displayed in step 103 (No in step 105), the processing proceeds to step 141 in FIG. 5, and the controller 100 accepts the input of the account name of the user U and the device password from the operation inputter 130 (step 141), and authenticates the user U based on the account name of the user U and the device password stored in the user information storage 111 (step 143). Hereinafter, like this authentication, authentication executed by the controller 100 based on the account name and the device password will be referred to as device authentication. The device authentication will be also referred to as second authentication.
If the device authentication fails (No in step 145), the controller 100 displays an error message indicating that device authentication has failed on the display 120 (step 147), and then returns to step 103 to display the first login screen. If the device authentication succeeds (Yes in step 145), the controller 100 reads the refresh token associated with the account name of the user U from the user information storage 111 (step 149), and transmits the refresh token to the authentication server 30 via the network NW using the communicator 140 (step 151). If the refresh token transmitted in step 151 is within an expiration date (Yes in step 153), the authentication server 30 transmits the access token and the refresh token to the MFP 10 via the network NW, and proceeds to above-described step 117. On the other hand, if the refresh token transmitted in step 151 has passed the expiration date (No in step 153), the authentication server 30 proceeds to above-described step 111.
Back to step 101, if the setting of not storing the refresh token is made (No in step 101), the controller 100 proceeds to step 161 in FIG. 6, and the controller 100 displays a second login screen on the display 120 (step 161). The second login screen accepts an input of an account name via the operation inputter 130. The second login screen will be described in detail later.
When the account name is input on the second login screen, the controller 100 accesses the authentication server 30 (step 163). In response to the access, the authentication server 30 transmits the data of the service authentication screen to the MFP 10, and, when the communicator 140 receives this data, the controller 100 displays the service authentication screen on the display 120 (step 165).
When the user U inputs the account name and the service password on the displayed service authentication screen using the operation inputter 130 (step 167), the controller 100 transmits the input account name and service password to the authentication server 30 via the network NW using the communicator 140. Note that, instead of transmitting the account name input by the user U using the operation inputter 130 to the authentication server 30, the controller 100 may store the account name input on the second login screen, and transmit the stored account name to the authentication server 30.
When receiving the account name and the service password, the authentication server 30 authenticates the account name and the service password, and transmits an authentication result to the MFP 10 via the network NW. If the authentication succeeds, the authentication server 30 transmits the access token and the refresh token to the MFP 10.
When the authentication result received by the communicator 140 indicates an authentication failure (No in step 169), the controller 100 returns to step 165 to encourage the user U to input the account name and the service password again. That is, unless the operation inputter 130 accepts an operation of interrupting communication with the authentication server 30 (e.g., an operation of ending displaying a browser that is being executed to access the authentication server 30), the controller 100 repeats displaying the service authentication screen, accepting the input of the authentication information, and transmitting the authentication information to the authentication server 30 until the authentication in the authentication server 30 succeeds.
If the authentication result received by the communicator 140 indicates an authentication success (Yes in step 169), the controller 100 receives the access token and the refresh token (step 171). The controller 100 transmits the received access token and user information request to the authentication server 30 via the communicator 140 and the network NW (step 173). The authentication server 30 having received the access token and the user information request responds to the user information request based on the access token, and transmits the user information to the MFP 10.
When the communicator 140 receives the user information (step 175), the controller 100 compares the account name input on the second login screen (step 161) and the account name included in the user information received in step 175, and determines whether or not the account names match each other (step 177).
If the two account names match (Yes in step 179), the controller 100 updates the user information stored in the user information storage 111 using the user information received in step 175 (step 181), displays the home screen on the display 120 (step 183), and performs processing assuming that the login to the network service 30 has succeeded. If the two account names do not match (No in step 179), the controller 100 displays an error on the display 120 (step 185), and returns to step 161.
The above description has been given assuming that, in step 117, the MFP 10 receives the access token and the refresh token from the authentication server 30. Furthermore, the above description has been given assuming that, in step 121, the MFP 10 receives the user information from the authentication server 30. However, in steps 117 and 121, for example, if an error response is received from the authentication server 30 or if reception fails for a reason of a network failure or the like, the controller 100 may display an error on the display 120 in the same manner as that in the case where "No" is selected in step 125 and the processing proceeds to step 131 to display the error.
Furthermore, the above description has been given assuming that, in step 175, the MFP 10 receives the user information from the authentication server 30. However, if an error response is received from, for example, the authentication server 30 in step 175 or if reception fails for a reason of a network failure or the like, the controller 100 may display an error on the display 120 in the same manner as that in the case where "No" is selected in step 179 and an error is displayed in step 185.
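The flow described above (setting check, device authentication, and storing the refresh token only after the account-name comparison succeeds), as an added Python model that is not part of the patent text. `AuthServer`, `Mfp` and all method names are hypothetical; hashing the device password with PBKDF2 and rotating the refresh token on use are choices of this example, not statements from the disclosure.

```python
import hashlib
import hmac
import os
import secrets
import time


class AuthServer:
    """Constructed stand-in for the authentication server (first authentication)."""

    def __init__(self, accounts, refresh_ttl=3600):
        self._accounts = accounts      # account name -> service password
        self._access = {}              # access token -> account name
        self._refresh = {}             # refresh token -> (account name, expiry)
        self._ttl = refresh_ttl

    def _issue(self, account):
        access, refresh = secrets.token_urlsafe(16), secrets.token_urlsafe(32)
        self._access[access] = account
        self._refresh[refresh] = (account, time.time() + self._ttl)
        return access, refresh

    def password_login(self, account, service_pw):
        known = self._accounts.get(account)
        if known is None or not hmac.compare_digest(known.encode(), service_pw.encode()):
            return None
        return self._issue(account)

    def refresh_login(self, refresh):
        # Rotating the token on use is this example's choice, not stated on the page.
        account, expiry = self._refresh.pop(refresh, (None, 0.0))
        if account is None or time.time() > expiry:
            return None
        return self._issue(account)

    def user_info(self, access):
        return self._access.get(access)


class Mfp:
    """Device-side controller: setting check, device authentication, token storage."""

    def __init__(self, server, store_refresh_token):
        self.server = server
        self.store_refresh_token = store_refresh_token  # the stored setting
        self.users = {}  # account name -> {"salt", "pw_hash", "refresh"}

    @staticmethod
    def _kdf(password, salt):
        # Keeping only a salted hash of the device password is an assumption here.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

    def _confirm(self, entered_account, tokens):
        """Ask the server whose access token this is and compare account names."""
        if tokens is None:
            return None
        access, refresh = tokens
        if self.server.user_info(access) != entered_account:
            return None  # mismatch: show an error and store nothing
        return refresh

    def register(self, account, device_pw, svc_account, svc_pw):
        """New registration; only offered when the setting is 'store'."""
        if not self.store_refresh_token:
            raise RuntimeError("registration requires the store setting")
        tokens = self.server.password_login(svc_account, svc_pw)
        refresh = self._confirm(account, tokens)
        if refresh is None:
            return False
        salt = os.urandom(16)
        self.users[account] = {"salt": salt, "pw_hash": self._kdf(device_pw, salt),
                               "refresh": refresh}
        return True

    def device_login(self, account, device_pw):
        """Second authentication, then sign-in with the stored refresh token."""
        rec = self.users.get(account)
        if rec is None or not hmac.compare_digest(
                rec["pw_hash"], self._kdf(device_pw, rec["salt"])):
            return "device_auth_failed"
        refresh = self._confirm(account, self.server.refresh_login(rec["refresh"]))
        if refresh is None:
            return "service_login_required"  # expired token: service screen again
        rec["refresh"] = refresh  # keep the newly issued token
        return "home"

    def service_only_login(self, account, svc_account, svc_pw):
        """Setting is 'do not store': service password each time, token not kept."""
        tokens = self.server.password_login(svc_account, svc_pw)
        return "home" if self._confirm(account, tokens) is not None else "error"
```

The user information update that the no-store path performs after a match is left out of this model; only the refresh-token handling is shown.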
1.4 Operation example of authentication system
FIG. 7 is a schematic conceptual diagram for describing an operation example of the authentication system 1. In this example, it is assumed that the account name of the network service 30 and the device password are associated with each other and stored in the user information storage 111, and a setting of storing the refresh token is made in the MFP 10. First, when the user U inputs the account name and the device password (PW) to the MFP 10 (1), the MFP 10 performs device authentication based on the input account name and device password. When the authentication succeeds, the MFP 10 accesses the authentication server 30 and displays the service authentication screen. When the user U inputs an account name and a service password (PW) on the service authentication screen (2), the MFP 10 transmits the input account name and service password to the authentication server 30. The authentication server 30 authenticates the user U based on the received account name and service password, and transmits an access token and the refresh token to the MFP 10 (3). The MFP 10 transmits the user information request to the authentication server 30 together with the received access token (4). The authentication server 30 transmits user information corresponding to the access token to the MFP 10 in response to the user information request based on the access token transmitted from the MFP 10 (5). The MFP 10 having received the user information stores the account name of the user U, the device password, and the refresh token in association with each other in the user information storage 111 (6), and displays the home screen (7).
A screen D10 in FIG. 8 is an example of a setting screen. The screen D10 is displayed on the display 120 by the setting processor 107. The screen D10 includes a registration button D101, a checkbox D105, an update button D107, and pull-down menus D109 and D111.
The registration button D101 is a button for registering a setting in a state where the registration button D101 is displayed on the screen D10, and transitioning from the screen D10 to another screen (e.g., home screen). The checkbox D105 is a checkbox for setting whether or not to store the refresh token. The example in FIG. 8 indicates a state where the checkbox D105 is set to store the refresh token. The update button D107 is a button for updating the setting in a state where the update button D107 is displayed on the screen D10. The pull-down menu D109 is a pull-down menu for setting whether to enable or disable user authentication. The example in FIG. 8 indicates a state where the user authentication is set to be enabled in the pull-down menu D109. The pull-down menu D111 is a pull-down menu for setting an authentication destination when the user logs in to the MFP 10. The example in FIG. 8 indicates a state where the network service 30 is set as the authentication destination in the pull-down menu D111.
It may be possible to set whether or not to store the user information in the MFP 10. To enable this setting, for example, it is conceivable to provide a check box for setting whether or not to store the user information on the screen D10 in FIG. 8. If the setting of storing the user information in the user information storage 111 is set to be enabled in the MFP 10 that can set whether or not to store the refresh token, the controller 100 may enable the setting of storing the refresh token. On the other hand, if the setting of storing the refresh token is set to be enabled in this MFP 10, the setting may be restricted such that the setting of storing the user information in the user information storage 111 cannot be disabled.
FIG. 9 is a diagram for describing screen transition when a setting of storing a refresh token is made. In the case of the setting of storing the refresh token, a first login screen D20 is first displayed (step 103). If new registration is selected on the first login screen D20 (Yes in step 105), an account registration screen D40 is displayed (step 107), and then a service authentication screen D50 is displayed (step 111). At this time, the service authentication screen D50 may be displayed in a state where the login name input on the account registration screen D40 is reflected in the account name of the service authentication screen D50. When a sign-in button is operated in a state where the account name and the service password of the network service 30 are input on the service authentication screen D50 (step 112) and authentication succeeds, a home screen D70 is displayed.
On the other hand, if new registration is not selected on the first login screen D20 (No in step 105), when the account name and the device password are input on the first login screen D20 (step 141), the refresh token is read from the storage 110 and transmitted to the authentication server 30, and, if the expiration date of the refresh token is within a valid period, an access token and a refresh token are issued from the authentication server 30. When the issued access token is transmitted to the authentication server 30 and authentication succeeds, the home screen D70 is displayed without displaying the service authentication screen D50.
As described above, according to the authentication system 1, if the setting of storing the refresh token is made, the account name (a login name or a user name) of the network service 30 and the device password are associated and registered, and, if the refresh token is within the valid period, the user can be authenticated by the authentication server 30 and can log in to the MFP 10 only by inputting the account name and the device password.
FIG. 10 is a diagram for describing screen transition when a setting of not storing a refresh token is made. In the case of the setting of not storing the refresh token, a second login screen D60 is first displayed (step 161). As described later, it is not necessary to input a device password on the second login screen D60, and, when the account name of the network service 30 is input, the screen transitions to the service authentication screen D50 (step 165). When the account name and the service password are input on the service authentication screen D50 (step 167) and authentication in the network service 30 succeeds, an access token and a refresh token are issued from the authentication server 30, and, when the issued access token is transmitted to the authentication server 30 and the authentication succeeds, the screen transitions to the home screen D70 (step 183).
FIG. 11 is a diagram illustrating an example of the first login screen D20. The first login screen D20 includes an authentication destination button D201, text input fields D203 and D205, a new registration button D207, and an OK button D209. The authentication destination button D201 is a button for changing the authentication server (network service) 30 that is the authentication destination according to an operation via the operation inputter 130. In the figure, "yyy" is displayed as a name of the network service 30. Note that, instead of displaying the name of the network service 30 as the authentication destination, a domain name of the authentication destination of the network service 30 may be displayed. When the authentication destination button D201 is operated via the operation inputter 130, an authentication destination designation screen D30 to be described later is overlaid and displayed on the first login screen D20. The text input field D203 is a field for inputting a login name (account name) via the operation inputter 130. The text input field D205 is a field for inputting a device password via the operation inputter 130. The new registration button D207 is a button for newly registering a device password corresponding to a login name (account name) input in the text input field D203, and, when the new registration button D207 is operated via the operation inputter 130, the controller 100 determines "Yes" in step 105 in FIG. 4, and proceeds to "display account registration screen" in step 107. When the OK button D209 is operated via the operation inputter 130, the controller 100 executes device authentication in steps 141 to 145 in FIG. 5 based on the login name (account name) input in the text input field D203 and the device password input in the text input field D205.
FIG. 12 is a diagram illustrating an example of a case where an authentication destination designation screen D30 is displayed in response to the operation of the authentication destination button D201 on the first login screen D20. The authentication destination designation screen D30 is a screen for selecting an authentication destination. The authentication destination designation screen D30 includes buttons D301 and D303, a text input field D305, and a button D307, but is not limited thereto. The button D301 is a button for selecting a single machine (the MFP 10 in the present embodiment) as the authentication destination. The button D303 is a button for selecting "yyy" that is a designation item for designating the network service 30 as the authentication destination in the example in FIG. 12. Since "yyy" is selected as the authentication destination in the first login screen D20, the button D303 may be displayed in a display mode (a different display color or the like) different from that of the other buttons that are not selected. The text input field D305 is a field for additionally inputting another authentication destination as an option via the operation inputter 130, and functions as the button D305 after the authentication destination is additionally input. In the example in FIG. 12, the button D305 for selecting an authentication service designated as "zzz" as an authentication destination is displayed. The button D307 is a button for confirming the selection of the authentication destination, and the authentication destination selected by the user at a point of time when the button D307 is operated is confirmed as a new authentication destination.
FIG. 13 is a diagram illustrating an example of the account registration screen D40. The account registration screen D40 includes text input fields D401, D403, and D405 and a button D407. The text input field D401 is a field for inputting a login name (account name) to be registered via the operation inputter 130. The text input field D403 is a field for inputting a device password via the operation inputter 130. The text input field D405 is a field for inputting a device password again via the operation inputter 130. The button D407 accepts an operation for registering a login name (account name) and a device password in association with each other based on inputs to the text input fields D401, D403, and D405 according to the operation via the operation inputter 130. When the button D407 is operated via the operation inputter 130, the controller 100 compares character strings input in the text input fields D403 and D405 with each other, and, if the character strings match, accepts an operation for registering an account whose login name (account name) is the character string input in the text input field D401 and whose device password is the character string input in the text input fields D403 and D405. If the character strings input in the text input fields D403 and D405 do not match each other, the controller 100 encourages the device password to be input again by displaying an error message on the display 120. Note that, since the account name of the user U registered in the network service 30 needs to be input in the text input field D401, the user may be guided by, for example, displaying on the account registration screen D40 that the account name needs to be input.
FIG. 14 is a diagram illustrating an example of the service authentication screen D50. The authentication server 30 transmits screen data of the service authentication screen D50 to the MFP 10 via the network NW. When the communicator 140 receives the screen data of the service authentication screen D50 in the MFP 10, the controller 100 displays the service authentication screen D50 on the display 120 based on this screen data.
The service authentication screen D50 includes text input fields D501 and D503 and a button D505. The text input field D501 is a field for inputting an account name of a network service via the operation inputter 130. The text input field D503 is a field for inputting a service password via the operation inputter 130. The button D505 is a button for requesting the authentication server 30 to execute service authentication, and, when the button D505 is operated, the authentication server 30 executes service authentication that uses as an account name a character string input in the text input field D501 and uses as a service password a character string input in the text input field D503. Note that the service authentication screen D50 may include a button for changing the service password, and a button for changing the account name for signing in.
FIG. 15 is a diagram illustrating an example of the second login screen D60. The second login screen D60 includes a button D601, a text input field D603, and a button D609. The button D601 is a button for changing the authentication server (network service) 30 that is the authentication destination according to an operation via the operation inputter 130. In the figure, "yyy" is described as the name of the network service 30. When the button D601 is operated via the operation inputter 130, the authentication destination designation screen D30 is overlaid and displayed on the second login screen D60. The text input field D603 is a field for inputting a login name (account name) via the operation inputter 130. The button D609 is an OK button, and, when the button D609 is operated via the operation inputter 130, the controller 100 executes service authentication in steps 163 to 169 in FIG. 6 based on the login name (account name) input in the text input field D603.
As described above, in a case where the setting of storing the refresh token is made (Yes in step 101) and new registration is not performed (No in step 105), the user U can accept the access token from the authentication server 30 only by inputting the account name and the device password of the network service 30 within the expiration period of the refresh token. At this time, the user U does not need to input a service password, so that it is possible to reduce a risk of leakage of the service password. The device password is a password used only for authentication inside the MFP 10, and, even if a third party illegally obtains the device password, the device password is disabled in a device other than the MFP 10, and, even if the device password of the MFP 10 is used in the device other than the MFP 10, the access token cannot be accepted from the authentication server 30, so that it is possible to reduce a risk compared to a case where the service password leaks. Even if the setting of storing the refresh token is made (Yes in step 101) and new registration is performed (Yes in step 105), the account name input on the account registration screen (step 107) and the account name included in the user information received from the authentication server 30 are compared (step 125), and an error is displayed if the account names do not match (step 131). Consequently, it is possible to check whether or not the account name input when an account is registered in the MFP 10 and the account name authenticated by the authentication server 30 match, and, if the account names do not match, it is possible to restrict the operation by a person who is currently operating the MFP 10.
Furthermore, in a case where the setting of not storing the refresh token is made (No in step 101), the account name input on the second login screen (step 161) and the account name included in the user information received from the authentication server 30 are compared (step 177), and, if the account names do not match, an error is displayed (step 185). Consequently, it is possible to check whether or not the account name input when logging in to the MFP 10 matches the account name authenticated by the authentication server 30, and, if the account names do not match, it is possible to restrict the operation by the person who is currently operating the MFP 10.
As described above, the MFP 10 can select a setting of whether or not to store the refresh token. Consequently, when operating the MFP 10, an administrator of the MFP 10 can make a setting of not storing the refresh token if storage of the refresh token in the MFP 10 is restricted by the security policy defined by the administrator or the network service, and, on the other hand, can make a setting of storing the refresh token if there is no such restriction.
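The two login paths described above, modelled in Python as an added example that is not part of the patent text: it shows the setting gating token storage, the account-name comparison, and the device-password login that redeems the stored refresh token. The class and method names, the PBKDF2 hashing of the device password, single-use refresh tokens, and the fallback to service authentication on expiry are assumptions of this example.

```python
import hashlib, hmac, secrets, time

class AuthServer:
    """Constructed stand-in for the network service (authentication server)."""
    def __init__(self, accounts, refresh_ttl=3600):
        self.accounts, self.ttl, self.live = accounts, refresh_ttl, {}

    def _issue(self, account):
        refresh = secrets.token_urlsafe(16)
        self.live[refresh] = (account, time.time() + self.ttl)
        return {"account": account, "access": secrets.token_urlsafe(16), "refresh": refresh}

    def sign_in(self, account, service_password):
        stored = self.accounts.get(account)
        if stored is None or not hmac.compare_digest(stored.encode(), service_password.encode()):
            return None
        return self._issue(account)

    def redeem(self, refresh):
        # Assumed here: a refresh token is single use and a new pair is issued.
        account, expires = self.live.pop(refresh, (None, 0))
        return self._issue(account) if account and time.time() < expires else None

class MFP:
    def __init__(self, server, store_refresh_token):
        self.server, self.store_refresh_token = server, store_refresh_token
        self.users = {}  # account name -> salt, device-password hash, refresh token

    @staticmethod
    def _hash(salt, device_password):  # PBKDF2 is this example's choice
        return hashlib.pbkdf2_hmac("sha256", device_password.encode(), salt, 100_000)

    def service_sign_in(self, entered, service_account, service_password, device_password=None):
        """New registration, or every login when the token is not stored."""
        result = self.server.sign_in(service_account, service_password)
        if result is None or result["account"] != entered:  # account-name comparison
            return "error"
        if self.store_refresh_token and device_password is not None:
            salt = secrets.token_bytes(16)
            self.users[entered] = {"salt": salt, "hash": self._hash(salt, device_password),
                                   "refresh": result["refresh"]}
        return "home"

    def device_login(self, account, device_password):
        """First login screen: device authentication, then the stored refresh token."""
        user = self.users.get(account)
        if user is None or not hmac.compare_digest(
                user["hash"], self._hash(user["salt"], device_password)):
            return "error"
        result = self.server.redeem(user["refresh"])
        if result is None:  # expired token: assumed fallback to the service password
            return "service_authentication"
        user["refresh"] = result["refresh"]
        return "home"
```

With `store_refresh_token=False` the `users` table stays empty, so the service password is required at every login and no token is left on the device to be extracted.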
The disclosure is not limited to the above-described embodiment, and various modifications can be made. In other words, the technical scope of the disclosure also includes embodiments obtained by combining technical means that are appropriately modified within the scope of the gist of the disclosure.
Although the authentication server 30 authenticates the user U based on the account name and the service password input by the user U via the operation inputter 130 in step 113, the authentication server 30 may authenticate the user U using another authentication method. For example, the authentication server 30 may authenticate the user U based on a result of biometrics authentication (e.g., fingerprint recognition, face recognition, or the like) performed in a terminal other than the MFP 10 possessed by the user U such as a mobile telephone, a smartphone, or a personal computer of the user U, or authentication that uses a Personal Identification Number (PIN) code. In the disclosure, information used by the authentication server 30 to authenticate the user U is collectively referred to as authentication information (or first authentication information). The first authentication information includes information related to a result of authentication performed by another terminal in addition to information such as an account name and a service password necessary for so-called password authentication.
The programs running on each device in the embodiment are programs for controlling a CPU or the like (programs for causing a computer to function) to implement the aforementioned functions in the embodiment. Furthermore, information handled by these devices is temporarily accumulated in a temporary storage device (e.g., a RAM) during processing, is then stored in storage devices such as various Read Only Memories (ROMs), HDDs, and Solid State Drives (SSDs), and is read, modified, and written by a CPU as necessary.
Here, the recording medium storing the programs may be any of a semiconductor medium (e.g., a ROM or a nonvolatile memory card), an optical recording medium or a magneto-optical recording medium (e.g., a Digital Versatile Disc (DVD), a Magneto Optical disc (MO), a Mini Disc (MD), a Compact Disc (CD), or a Blu-ray (trade name) Disc (BD)), a magnetic recording medium (e.g., a magnetic tape or a flexible disk), and the like. Furthermore, not only the functions of the above-described embodiment are implemented by executing the loaded program, but also the functions of the disclosure may also be implemented by processing in cooperation with an operating system, another application program, or the like, based on instructions from the program.
Furthermore, when a program is distributed in a market, the program can be stored in a portable recording medium and distributed, or can be transferred to a server computer connected via a network such as the Internet. In this case, it is obvious that a storage device of the server computer is also included in the disclosure.
1 Authentication system
10 Multi-Function Printer/Peripheral (MFP)
30 Network service (authentication server)
100 Controller
101 Device authentication processor
103 Service authentication processor
105 User information acquirer
107 Setting processor
110 Storage
110A ROM (Read Only Memory)
110B RAM (Random Access Memory)
110C Storage section
111 User information storage
113 Setting storage
120 Display
130 Operation inputter
140 Communicator
150 Connector
160 Image inputter
170 Image former
NW Network
U User
October 24, 2025
April 30, 2026